Disable insecure "DTLS 1.0" protocol
This script disables the DTLS 1.0 protocol. This protocol is identified as "DTLS 1.0" on Windows. It is enabled by default. DTLS (Datagram Transport Layer Security) provides secure communication over the UDP protocol. Based on the TLS protocol, DTLS offers equivalent security measures. Common uses include online gaming, DNS lookups, and VPN services. It is considered insecure and has been deprecated by Microsoft due to its vulnerabilities. It's based on TLS 1.1, which is also deprecated and in...
Disable insecure "LM & NTLM" protocols
This script improves security by setting the LanMan authentication level to send NTLMv2 responses only, refusing LM and NTLM, which are older and less secure methods. While Kerberos v5 is the default authentication protocol for domain accounts, NTLM is still used for compatibility with older systems and for authenticating logons to standalone computers. The script modifies the "HKLM\\System\\CurrentControlSet\\Control\\Lsa!LmCompatibilityLevel" registry key to enforce this security measure.
Disable insecure "NetBios" protocol
This script enhances your network's security by turning off NetBIOS over TCP/IP for all network interfaces. NetBIOS is a protocol primarily used for backward compatibility with older Windows systems. NetBIOS and LLMNR are susceptible to hacking techniques like spoofing and man-in-the-middle attacks, risking your credentials and unauthorized network access. NetBIOS was initially created for communication between applications in small networks. Its lack of authentication makes it easy for attacker...
Disable insecure "SMBv1" protocol
This script improves network security by disabling the outdated SMBv1 protocol. SMBv1, or Server Message Block version 1, is an outdated network protocol developed for file and printer sharing across networks. This protocol is well-known for its vulnerabilities to cyber attacks. Microsoft deprecated SMBv1 in 2014. Since 2007, newer and more secure versions of this protocol have replaced SMBv1 in modern versions of Windows. It is still enabled by default in older Windows versions. Microso...
Disable insecure "SSL 2.0" protocol
This script disables the SSL 2.0 protocol. This protocol is identified as "SSL 2.0" on Windows, and also known as SSL2. Modern Windows systems no longer include SSL 2.0 due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities. Authorities like NIST (FIPS), NSA (National Security Agency), PCI Security Standards Council, IETF, and Federal Office for Information Security (BSI) recommend disabling this insecure and obsolete ...
Disable insecure "SSL 3.0" protocol
This script disables the SSL 3.0. This protocol is identified as "SSL 3.0" on Windows, and also known as SSL3 or SSLv3. Modern Windows systems disable SSL 3.0 by default due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities, including the POODLE and BEAST attacks. Authorities like NIST (FIPS), IETF, Apple, PCI Security Standards Council, Federal Office for Information Security (BSI), Office of the Chief Information ...
Disable insecure "TLS 1.0" protocol
This script disables the TLS 1.0 protocol. This protocol is identified as "TLS 1.0" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol has well-documented security vulnerabilities, including security attacks such as BEAST and Klima. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla...
Disable insecure "TLS 1.1" protocol
This protocol is identified as "TLS 1.1" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol contains fundamental well-documented security vulnerabilities. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla, Microsoft, Google, PCI Security Standards Council, Federal Office for Inform...